5 Myths About Cyber Security and Data Breaches
Data privacy is a rapidly evolving area with many misconceptions. Being aware of such myths puts agents at an advantage as they can explain, in relatable terms, why their clients need to focus on this issue.
Security and data breaches take place daily, and they don’t favor one organization or industry over another. Companies should consider the “how” of a breach as opposed to the “who” to evaluate their exposure to a similar event. Until recently, many considered data and network security risk trivial compared to threats like theft, slip and falls and workplace violence. But with the compromising of data and computer systems occurring at much greater frequency, it’s one risk you don’t want to underestimate. Reputational harm stemming from a poorly managed breach can be catastrophic.
Consider the recent breach at the nation’s second-largest health insurer, which affected more than 80 million customers and employees. Many believe healthcare providers are soft targets due to a lack of technology, but a data security approach that focuses on technology at the expense of people and processes will not be effective.
Five Myths You Can’t Afford to Believe
1. Network security and data privacy is only a problem for large companies. Data privacy and network security are a concern for organizations of any size. Rogue employees, data thieves, and unscrupulous business associates look to take advantage of any weakness. Additionally, human error by negligent or careless staff accounts for a surprising number of breaches around the country. The costs incurred as a result of a data or security incident can be crushing for any size business.
2. We can afford to self-insure the risk. With greater demands on limited budgets, many organizations spend less on discretionary items, such as certain lines of insurance. They wrongly believe that, if something happens, they can afford to cover the costs. The average cost of an insured breach in 2013 was $733,000, according to the NetDiligence Annual Claims study. While these costs can be insured, incident response expenses alone, including legal, forensic investigation, notification, monitoring and public relations expenses, add up very quickly. This is a great talking point for potential clients on the fence over cyber insurance.
3. Insurance coverage is expensive and hard to get. This perception was true 10 years ago, but not today. Increased market capacity, claims experience and a larger pool of buyers have made network security and privacy liability insurance coverage more cost effective and easier to obtain.
4. Our general liability policy will cover us. General liability insurance typically covers bodily injury and property damage. The courts have consistently ruled that data is not property and is considered intangible. Tell your clients that if they don’t carry specialized coverage for financial injury arising from a failure of security or a failure to protect confidential information, they’re probably exposed.
5. We have vendors who handle our sensitive information and credit card transactions; if they have a breach, it’s their problem, not ours. Not generally true. The data owner is ultimately responsible for that data. Therefore, a breach at a trusted contractor still triggers notification obligations – this risk can’t be transferred to that vendor partner.
From a small burger joint in California to a local dental clinic in Washington, these data breaches are occurring. Transferring the risk brings not only financial security but also, in many cases, loss control services. Many carriers are offering value-add services with their insurance products that make the insured a better risk. It’s a win-win.